Ok that gives a little different light on the subject. I think it all depends on what you want them to do.
S *********** REPLY SEPARATOR *********** On 12/20/2001 at 2:02 PM Steven Bonici wrote: >I should have explained a little better... Actually it is a software >vendor >using the services of WebEx to take control of a server for support issues >when needed. > >-----Original Message----- >From: Ron DuFresne [mailto:[EMAIL PROTECTED]] >Sent: Thursday, December 20, 2001 1:50 PM >To: Steven Pierce >Cc: Steven Bonici; [EMAIL PROTECTED] >Subject: Re: Taking control of ones machine > > > >Steven, > >I can't answer that for you, you should have more info on the needs of >this vendor then I. Why did they 'claim' to require this level of access? >What are they trying to 'do for you'? I'd certainly be loath to allow any >vendor this level of access to my systems, especially if this is being >done across the Internet, but even if they were in house at my keyboard, >I'd be over their shoulder the whole time <smile>. Far more is done out >of stupidity of vendor consultants then out of any will do to harm in >cases like this. > >Thanks, > >Ron DuFresne > >On Thu, 20 Dec 2001, Steven Pierce wrote: > >> >> Ron, >> >> I agree 100%. I would be asking WHY are they in need of this >> access? If they need access to a server, I would set up one that >> does not give them ANY access to my network. Then I can post >> information on it if needed. Also give them a log in not full access, >> that way (Company) keeps ROOT access... >> >> S >> >> *********** REPLY SEPARATOR *********** >> >> On 12/20/2001 at 12:39 PM Ron DuFresne wrote: >> >> >On Thu, 20 Dec 2001, Steven Bonici wrote: >> > >> > [SNIP] >> > >> >> >> >> I haven't contacted them yet, I thought I would ask here first. Is >there >> >> any documentation or white papers into how this actually works and >what >> >can >> >> be done to protect the machine? Does anyone have any insight into >> >WebEx? I >> >> am really curious as to how easy this is. I know once you go to the >> >WebEx >> >> web site you need to agree and "allow" someone to actually connect, >but >> >it >> >> just seems way too easy. >> >> >> > >> > >> >Just don't install their trojan <smile>. This is basically what you are >> >doing, installing their application that simulates what many trojans do, >> >give unlimited access to the system. >> > >> >Thanks, >> > >> >Ron DuFresne >> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >> >"Cutting the space budget really restores my faith in humanity. It >> >eliminates dreams, goals, and ideals and lets us get straight to the >> >business of hate, debauchery, and self-annihilation." -- Johnny Hart >> > ***testing, only testing, and damn good at it too!*** >> > >> >OK, so you're a Ph.D. Just don't touch anything. >> > >> >_______________________________________________ >> >Firewalls mailing list >> >[EMAIL PROTECTED] >> >http://lists.gnac.net/mailman/listinfo/firewalls >> >> >> > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >"Cutting the space budget really restores my faith in humanity. It >eliminates dreams, goals, and ideals and lets us get straight to the >business of hate, debauchery, and self-annihilation." -- Johnny Hart > ***testing, only testing, and damn good at it too!*** > >OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
